Software quality and reliability improvements have been made at many facets of the software development lifecycle. Analysis of the impact of software defects has shown potentially astronomical costs associated with many such defects. Examples of software defects include memory leaks, deadlocks, and other hazardous program states. In some cases, static analysis tools can help to improve software quality, perform impact analysis, detect vulnerabilities, detect inefficiencies, and prevent potentially costly defects.
Static analysis tools can be used at any stage of the software development lifecycle, and may involve the analysis of software code for one or more known potential defects. This analysis may be performed at the initial design stage of a new software product or may be used to maintain and/or upgrade existing applications. In either stage, software static analysis tools have proven useful in the design and implementation of many software systems.
Static analysis tools may utilize context-sensitive or context-insensitive analysis. Context-sensitive analysis distinguishes different calling contexts at different call sites. Accordingly, context-sensitive analyses can be much more precise than context-insensitive analyses. However, context-sensitive analyses are often exponential and expensive. All functions need to be analyzed in complete detail, which may result in unnecessary computations. Precisely modeling all side effects of a function can be very complex. For example, it is sometimes infeasible to model all potential side effects at the presence of recursion. As a result, traditional context sensitive analysis may be difficult to implement efficiently.